Method and system for visualizing a level of trust of network communication operations and connection of servers

ABSTRACT

The invention is a method and system for visualizing a level of trust of network communication operations and connection of servers. In a system comprising a terminal, including a display and a network, the terminal using a browser to communicate with a network during a terminal session comprising at least communication operation initiated by a user and transmitted to the network, a method of the invention includes initiating a terminal session with the browser by making a transmission to the network; the network, in response to initiation of the terminal session, provides information from the network to the browser relating to the terminal session; and displaying on the display a level of trust based upon a standard of comparison of the at least one communication operation prior to transmission to the network informing the user of a level of security determined to be associated with the at least one communication operation if the at least one communication operation is permitted by the user to be transmitted to the network.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a system and method permitting a userof a terminal to visualize a level of trust of network communicationsand connections to servers.

2. Description of the Prior Art

FIG. 1 shows a prior art mobile terminal 1 of the Assignee used forcellular telecommunications, which communicates via a wirelesstelecommunication network, e.g. a cellular network.

The keypad 2 has a first group of twelve keys 7, e.g. alphanumeric keys,by means of which the user can enter a telephone number, write a testmessage using Short Message Service (SMS), write a name (associated withthe phone number), etc. Each of the twelve alphanumeric keys 7 isprovided with identifying numerals “0–9” or a sign “#” or “*”,respectively. In alpha mode, each key is associated with a number ofletters and special signs are used in text editing.

The keypad 2 additionally comprises a second group of keys which are twosoft keys 8, two call handling keys 9, and a navigation key 10. The twosoft keys 8 operate in conjunction with the liquid crystal display 3 todisplay text which varies dependent upon the mode of operation andprovides the user with the ability to select different programmed modesof operation provided by programming resident in the memory 17. Softkeys are not limited to the selection of a single dedicated terminalfunction. The illustrated soft keys 8 may have a functionalitycorresponding to the Assignee's models 2110™ and 8110™. At least one ofthe soft keys is defined as an operation key 8 a having multiplefunctionality for handling access to a menu structure. The functionalityof the operation key 8 a depends on the present state of the mobileterminal. The operation key 8 a is arranged to perform a group ofpredetermined actions associated with a state. The default function orthe present function of the operation key 8 a can be displayed in apredetermined area 21 of the display 3.

The scroll key 10, which can also be called a navigation key, is anup/down key and is placed centrally on the front surface of the mobileterminal between the display 3 and the group of alphanumeric keys 7. Theuser controls the scroll key 10 by simply pressing the up/down key usinghis/her thumb which allows the user to scroll between a group of itemsin a menu provided in the user interface. Since many experienced usersare used to one-hand control, it is a very good solution to place aninput key, requiring precise motor movements. Thus, the user may placethe mobile terminal in the hand between the finger tips and the palm ofthe hand. The thumb is thereby free for inputting information. Thescroll key 10 can be a roller key (not shown), which is arranged torotate in one or several directions. The roller key allows the user toroll the key to scroll between different items in a menu. The roller key10 may be in accordance with the Assignee's U.S. patent application Ser.No. 08/923,696, now U.S. Pat. No. 5,911,945, which is incorporatedherein by reference in its entirety.

Further, the scroll key 10 allows the user to scroll selectively betweena group of items in a menu. This means that the user can select an itempreceding or succeeding the item in the menu loop of the phone, whilehe/she can access a sub-menu loop under the item concerned in the menuloop by activation of the operation key 8 a.

In some states, such as entering a phone number on the alphanumerickeypad 7, the other soft key 8 b can be defined as a clear key, whichmay be used for erasing the last entered digit or letter by briefdepression on the clear key 8 b. If the clear key 8 b is depressed for alonger duration, the entire number or word is erased.

Although the functions of the mobile terminal 10 may be controlled bythe operational key 8 a, it sometimes can be expedient to use two ormore operational soft keys in the second group of keys, which can beintegrated into a touch-sensitive display (not shown) in a manneranalogous to a screen of a personal digital assistant (PDA).

The two call handling keys 9 are used for establishing a call or aconference call, terminating a call or rejecting an incoming call.

FIG. 2 schematically shows a block diagram of major parts of the mobileterminal 1 of FIG. 1. These parts are conventional and are typicallyused in mobile terminals such as those in which the present inventionmay be practiced. The microphone 6 records the user's speech, and analogsignals formed thereby are A/D converted in an A/D converter (not shown)before the speech is encoded in an audio part 14. The encoded speechsignal is transferred to a controller which is a programmedmicroprocessor 18 that executes programming to control the mobileterminal 1 of FIG. 1. The processor 18 may execute diverse types ofsoftware to provide a wide variety of terminal functions during anactive mode which are well known. The processor 18 also forms theinterface to peripheral units, comprising a LCD driver 13 which drivesthe LCD display 3 of FIG. 1 to provide graphical displays to the user,RAM memory 17 a and a Flash ROM memory 17 b, a SIM card 16, and thekeyboard 2 in the form, for example without limitation, of a keypad (aswell as data, power supply, etc.). The processor 18 communicates with atransmitter/receiver 19, which sends/receives a request/response to/fromone or several telecommunication networks. The audio part 14speech-decodes the signal, which is transferred from the processor 18 tothe speaker 5, via a D/A converter (not shown).

Internet users use worldwide web (WWW) browsers to access informationservices on WWW servers. WWW browsers are programs running in a user'scomputer. The user's computer may be mobile and connected to theinternet via a wireless link or fixed and connected to the internet viaa wire line connection. A WWW server provides pages to a WWW browser.The WWW server stores or generates information shown in pages andtransmits the information to the WWW browser using an internetconnection or session.

A WWW server may have a certificate issued by a trusted third party(TTP) also known as Certificate Agency (CA) which, along with a secretkey, provides the identity of the server to the client user of the fixedor mobile terminal. The certificate contains the verified name of theserver or organization responsible for the server.

WWW pages may be divided into frames generated by different servers. Theframes from different servers are combined into an integrated page whichis displayed on a user terminal under control of the WWW browser.

It is important to prevent a WWW server from impersonating a true WWWserver. Any impersonation could allow the impersonating server to gain,secret, confidential or commercially sensitive information. Currently,browsers do not permit the identity of a server providing pagescontaining frames integrated together from different servers to beindicated to a user in a practical and easy way.

Currently, the identity of the server is not shown to the users in a WWWbrowser through the user interface (UI). It is possible in somecircumstances to find out the identity of the server through commandsthrough the UI interface of the browser. Most users of a browser do notcheck the identity of the server to which the browser is connectedbecause such identity checking is not easy and furthermore many users donot even realize the potential problem.

When a WWW page contains several frames only the first frame's statuscan be seen in current browsers. This makes it impossible to check theidentity of the servers providing frames which are integrated into apage using a browser.

FIG. 3A shows a generic log in page of a WWW browser displaying a singleframe 100. The information content of the frame 100 is not important.The indicator 102 in the bottom of the frame, which is a lock orotherwise such as that used by the Netscape Navigator™ is used tovisually inform the user if the connection is considered secured. Asillustrated, the lock is closed which indicates that for the single page100 the unidentified source server is indicated as being secure.However, to find out the true identity of the server providing thesingle frame 100, it is necessary to click on the indicator 102 tofurther have the certificate of the server providing the frame 100 shownon the display 104.

FIG. 3B illustrates a log-in page 105 which is split into two frames 106and 108 which are provided from different servers. The content thereofnot being important. Frames 106 and 108 are provided by differentservers. The lock indicator 102, as a result of being unlocked,indicates only that the left-hand frame 106 is from a non-secure server.However, the indicator 102 does not convey any information regarding theright-hand frame 108. However, if the frame 108 contains informationwhich is, secret, confidential or business sensitive, it is critical forthe user of the browser to be advised of the identity of the server 108as being one which has a recognized identity to the user and is securein order to provide the user with a reasonable degree of security aboutthe server to which the user may supply secret, confidential or businesssensitive information. However, no information about the serverproviding the frame 108 is available leaving the user in the quandary ofproceeding with communications through the internet involving secret,confidential or business sensitive information which is being directedto a server of unknown authenticity.

The security indicator 102 of the prior art does not provide, even whensecurity is indicated, that a mail session is secure which can misleadthe user about the correctness of security and does not provide the userinformation about the actual level of security or about the credibilityof the sources of the frames. The security indicator 102 of the priorart may indicate either a weak security with no authentication which issubject to being compromised and or a strong security withauthentication. The possible different interpretations of the indicator102 makes the indicator of little value to a concerned user.

SUMMARY OF THE INVENTION

The present invention is a system and method which (1) enables a user ofthe terminal which may be mobile or fixed, which is coupled to a networksuch as, but not limited to the internet, to determine for at least onecommunication operation and preferable all communication operationsassociated with a terminal session through a display on the display ofthe terminal a level of trust of the communication operation(s) relativeto a standard prior to transmission thereof to the network informing theuser of a level of security determined to be associated with thecommunication operation(s) permitted by the user to be transmitted tothe network, and (2) when the display on the terminal contains multipleframes, that the source of all of the frames, which may be from multipleapplication servers, is certified to the user as being a secure sourceon which the user may rely to transmit secret, confidential or businessinformation thereto without concern for the security thereof.

The display of a level of trust on the terminal device, which may bemobile or fixed and connected to the network via either wireline orwireless connectivity, informs the user of a relative level of securitydetermined to be associated with each communication operation of aterminal session to thereby enable the user to choose whether tocontinue with the communication operations of the session based upon thedisplayed level of trust. The determination of the level of trust may bedetermined (1) solely at the mobile terminal through information storedin the mobile terminal at the time of manufacture or downloadedthereafter thereto, (2) solely from at least one server in a network towhich the communication operations will be transmitted prior to theactual transmission thereof to the network to obtain a level of trustevaluation thereof, or (3) through a sharing of the determination of thelevel of trust between at least one network server and a processor inthe terminal. The present invention may be practiced with equal facilityregardless of where in the system the level of trust is determined.

A number of factors may be utilized in determining the level of trustwhich is displayed. A first attribute of the level of trustdetermination is dependent upon the technology utilized during thecommunication operation between the terminal and the network. Thetechnological component is dynamic in nature in that with the passage oftime, technologies which may be initially highly secure and have a highlevel of security associated therewith may, because the advent of newertechnologies, become relative to the state of the art less secure. Theresulting level of trust in this situation should be downgraded eventhough the same technology is being continually used. For example,without limitation, the technological component may pertain to (1)encryption utilized during the transmission of the communicationoperations between the terminal and various entities in the network, (2)how the session is initiated, (3) how storage in the terminal isaccomplished, and (4) how the identification of the user is made by theuser of the terminal.

Additionally, beyond the aforesaid technological attributes of theterminal and the network, non-technological attributes may be utilizedto determine the level of trust, such as, but without limitation, thereliability of the operator of the application server to which theterminal is connected during the session and the commercial viability ofany commercial offering made by the operator of the application serveror otherwise of a source of the purchased goods or services, etc.

The display of the level of trust by the terminal may be withoutlimitation numerical or graphical. Regardless of the type of display,the display is relative to a standard of reference such that a largernumerical quantity displayed represents a greater level of trust or agreater graphical representation, such as without limitation, a numberof bars from zero to four with four being the greatest provides the userwith sufficient information in order for the user to make an intelligentchoice of whether to authorize the communication operation to be madewith the network. While the ultimate choice of continuing with a sessioncontaining multiple communication operations dependent upon the displayof the level of trust is the user's choice, the present invention'sdisplay of the relative level of trust enables intelligent choices to bemade by the user of whether to transmit in a communication operationsecret, confidential, or business information to the network.

Numerous different weighting factors may be associated with thetechnological and non-technological attributes used to determine thelevel of trust. The present invention is not limited to any particularchoice of attributes used for determining the level of trust both fromthe technological and non-technological perspective. Furthermore, asstated above, the present invention facilitates a current assessment ofthe level of trust to be made dependent upon change in the technologicaland non-technological attributes over time so as to give the user of theterminal during any current session the most up to date informationinvolving the level of trust.

The level of trust may be calculated using a numerically based algorithmwhich sums different components of the attributes which are weighed todetermine the overall score representing a communication operation whichis being evaluated prior to transmission to the network. Anumerically-based algorithm may be easily updated to reflect change inthe contribution of various attributes which provide numericalcomponents of the possible perfect score.

Furthermore, the invention provides display of a single page containingframes from multiple servers with an indicator of whether the frames arecertified as being transmitted from servers which are secure. Acertification or other indication is displayed by the terminal to informthe user of whether each page containing multiple frames comes from theverified server with each frame coming from a secure source.

In a system comprising a terminal, including a display and a network,the terminal using a browser to communicate with a network during aterminal session comprising at least one communication operationsinitiated by a user and transmitted to the network, a method inaccordance with the invention includes initiating a terminal sessionwith the browser by making a transmission to the network; the network,in response to initiation of the terminal session, providing informationfrom the network to the browser relating to the terminal session; anddisplaying on the display a level of trust informing the user of a levelof security determined to be associated with the at least onecommunication operation if the at least one communication operation ispermitted by the user to be transmitted to the network based upon astandard of comparison of the at least one communication operation priorto transmission to the network informing the user of a level of securitydetermined to be associated with the at least one communicationoperation if the at least one communication operation is permitted bythe user to be transmitted to the network. The terminal may be a mobileterminal; and the at least one communication operation may comprisewireless transmissions between the mobile terminal and an entity in thenetwork. A level of trust of each of the communication operations may bedisplayed; and wherein each level of trust may be based at least in partupon technology in the network which is involved with each communicationoperation associated with the displayed level of trust. The network maycomprise a server which determines a level of trust of the at least onecommunication operation; and the level of trust determined by the servermay be transmitted to the terminal and displayed by the display thereof.The mobile terminal may comprise a processor; and in response to eachcommunication operation, the processor may determine a level of trustwhich is displayed by the display. The network may comprise a server andthe terminal may comprise a processor; and the server may provideinformation about processing of each communication operation by thenetwork to the processor and the processor in response to theinformation may determine the level of trust which is displayed by thedisplay. The server may determine a level of trust of each communicationoperation based at least in part on technology of the network associatedwith the network providing each communication operation. The level oftrust may also be at least in part dependent upon at least oneadditional attribute the network used in processing each communicationoperation. The at least one additional attribute may be at least one ofreliability of an operator of a server offering a service during thesession through the browser to the user (or by applying othercommunication means, such as e-mail or SMS) or commercial viability ofan offer of service made to the user during the session through thebrowser or other used network connection. The display of the level oftrust may be a graphic presentation or a numerical value.

A system in accordance with the invention includes a terminal includinga display; a network to which the terminal is coupled via acommunication link; and wherein the terminal uses a browser or e-mail orSMS to communicate with the network during a terminal session comprisingcommunication at least one operation initiated by the user andtransmitted to the network with the terminal session being initiatedwith the browser, e-mail, or SMS by making a transmission to thenetwork, the network, in response to initiation of the terminal session,provides information from the network to the browser, e-mail or SMSrelating to the terminal session, and the display displays a level oftrust informing the user of a level of security determined to beassociated with the at least one communication operation if the at leastone communication operation is permitted by the user to be transmittedto the network based upon a standard of comparison of at least onecommunication operation prior to transmission to the network informingthe user of a level of security determined to be associated with the atleast one communication operation if the at least one communicationoperation is permitted by the user to be transmitted to the network. Alevel of trust of each communication operation may be displayed; andwherein each level of trust is based at least in part upon technology inthe network which is involved with each communication operationassociated with the displayed level of trust. The network may comprise aserver which determines a level of trust of each communicationoperation; and the level of trust determined by the server may betransmitted to the terminal and displayed by the display thereof. Themobile terminal may comprise a processor; and in response to eachcommunication operation, the processor may determine a level of trustwhich is displayed by the display. The network may comprise a server andthe terminal may comprise a processor; and the server may provideinformation about processing of each communication operations by thenetwork to the processor and the processor in response to theinformation may determine the level of trust which is displayed by thedisplay. The server may determine a level of trust of each communicationoperation based at least in part on technology of the network associatedwith the network providing each communication operation. The level oftrust may also be at least in part dependent upon at least oneadditional attribute the network used in processing each communicationoperation. The at least one additional attribute may be at least one ofreliability of an operator of a server offering a service during thesession through the browser, email or SMS to the user or commercialviability of an offer of service made to the user during the sessionthrough the browser. The display of the level of trust may be a graphicpresentation or a numerical value.

A system in accordance with the invention comprises a terminal includinga display; a network including a server to which the terminal is coupledby a telecommunications link; and wherein the server stores acertificate issued by a trusted third party, such as CA containing averified identity of the server or an organization responsible for theserver and a secret key, the secret key and the certificate, beingtransmitted to the terminal and processed by the terminal to determineif the identify of the server may be displayed to a user of the terminalas being from a trusted source, the display containing at least one pagecontaining frames and a display may be displayed indicating whether theframes are certified as being from a trusted source. The system mayfurther include at least one additional server, the at least oneadditional server providing at least one frame to the server; and theserver may process the at least one frame from the additional server andany frame provided by the server to form an integrated page containingthe frames which is transmitted to the terminal and displayed by thedisplay. The integrated page may be displayed with the certificate ofthe server indicating that the integrated page is from a trusted source.

A method in a system comprising a terminal including a display, anetwork including a server to which the terminal is coupled by atelecommunications link in accordance with the invention includingstoring with the server a certificate issued by a trusted third party,such as CA, containing a verified identity of the server or anorganization responsible for the server and a secret key; transmittingthe certificate and the secret key to the terminal; and processing atthe terminal the certificate and the key to determine if the identity ofthe server may be displayed to the user of the terminal as being atrusted source; and displaying with the display results of theprocessing. The network may comprise at least one additional server; theat least one additional server may provide at least one page to theserver; and the server may process the at least one page from theadditional server and any page provided by the server to form anintegrated page which is transmitted to the terminal and displayed bythe display. The integrated page may be displayed with the certificateof the server indicating that the integrated page is from a trustedsource.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a prior art mobile terminal which is one type ofterminal which may be used with the practice of the present invention.

FIG. 2 illustrates a block diagram of the electronics of the prior artmobile terminal of FIG. 1.

FIGS. 3A and 3B illustrate prior art browser log-on screens.

FIGS. 4A–4E illustrate a display of a level of trust indicator inaccordance with the present invention.

FIG. 5 illustrates a system diagram of a system in accordance with theinvention which generates a display of the level of trust used to informthe user of the security level of communication operation and thatdisplayed pages each containing multiple frames are from secure servers.

FIG. 6 illustrates a flow chart of the processing of individualcommunication operations by a trust evaluation server in the system ofFIG. 5.

FIG. 7 illustrates a browser log on screen displayed in accordance withthe present invention.

Like reference numerals identify like parts throughout the drawings.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIGS. 4A and 4B illustrate a display on a terminal device of a level oftrust in accordance with the present invention. The level of trust isrelative to a standard of comparison so that the display of the level oftrust in association with communication operation(s) prior totransmission thereof to a network informs the user of a level ofsecurity determined to be associated therewith relative to othercommunication operations. The display of the level of trust enables theuser to choose whether a communication operation is transmitted to thenetwork after the user has considered the potential level of risk oftransmitting secret, confidential or business sensitive information withthe communication operation. The network to which communicationoperations are transmitted is part of the system of FIG. 5 as describedbelow. The displays 100 and 102 may be produced by the LCD 3 of theprior art terminal of FIG. 1 or may be produced by a display of aterminal device, such as a PC. As illustrated, the display is physicallysimilar to that produced by the prior art mobile terminal of FIG. 1 butthe invention is not limited thereto.

The displays 100 and 102 respectively represent the first and secondcommunication operations of a terminal session. With the invention,prior to actually communicating with the network with a communicationoperation a display 104, which may be graphical as illustrated,numerical, textual or any combination thereof, is produced on each ofthe displays 100 and 102 associated with the different communicationoperations. When the terminal session proceeds to the first operation,the block 110 in FIG. 4A, which is identified by the text “Card Type”,is highlighted with a field contained within a rectangular window asillustrated. The highlighting of the “Card Type” tells the user that thefirst communication of the terminal session is active and if thedisplayed level of trust is acceptable, the user should input the user's“Card Type”.

When the terminal session proceeds to the first communication operation110 requesting the user to input the “Card Type”, a communication issent either to the network, as described below, to a trust evaluationserver therein or the terminal determines the level of trust or acombination of the trust evaluation server and the terminal is used.Based upon information stored within the RAM 17A of a prior art mobileterminal or other memory, such as RAM in a PC, determination of a levelof trust to be associated with the first communication operation isperformed before the first communication operation is permitted by theuser to be transmitted to the network. As indicated, the display 104 ofFIG. 4A shows two bars 112 indicating an intermediate level of securityhas been determined to be associated with the initial communicationoperation by either the processor 18 of the mobile terminal of FIGS. 1and 2 executing programming therein or alternatively, the trustevaluation server, as described below in association with FIG. 5, or adistribution of the determination of the level of trust between theprocessor of the mobile terminal and the trust evaluation server of thenetwork. The display of two bars 112 tells the user that there is anintermediate level of security associated with the transmission of the“Card Type” to the network, e.g. the identification of the bank card ortravel and entertainment card issuer.

In FIG. 4B field 114 associated with the second communication operationcard number is highlighted indicating that the second communicationoperation of the session is active. At the time of entry of the secondcommunication operation of the terminal session, the more sensitiveinformation of the “Card Number” is to be transmitted to the network.The level of trust of the second communication is determined in the samemanner as the first communication operation. The determined level oftrust is displayed as three bars 112 indicating that there is a higherlevel of security associated with the second communication operation.

“Name” and “Address” communication operations are processed in a similarmanner. If the user proceeds through the third and fourth communicationoperations associated with “Name” and “Address” of FIGS. 4A and 4B, eachcommunication operation of the session will, before transmission to thenetwork, have a displayed level of trust.

Moreover, it should be understood that the session as displayed in FIGS.4A and 4B, is only exemplary of the present invention. The invention isequally applicable to sessions involving different numbers and types ofcommunication operations. Furthermore, while the displayed session iscommercial in nature and is associated with the purchase of goods orservices, sessions in accordance with the present invention have diverseapplications.

The benefit of the displayed level of trust to the user is several fold.First, the display of an indicated level of trust having at least onebar informs the user that there is some level of security associatedwith the communication operation which provides a limited degree ofassurance that security is in place. Furthermore, based upon the user'slevel of experience of what he or she considers to be sensitive, thedisplay provides a quantification of the level of security eithernumerically or graphically (numerical quantification has not beenillustrated) permitting the user to evaluate the true level of trustassociated with each part of the session with a common frame ofreference as illustrated in FIGS. 4C–4E. In FIG. 4C, the leftmostsection area 120 of the middle area (half of the display width) displayis the selected frame of the two available frames 118 and 119. Theselected frame 118 is indicated to be the selected one with a squareframe 120. The determined level of trust is displayed as two bars 122.In FIG. 4D, the rightmost section area 130 in the middle area of thedisplay is the selected frame of the two available frames 128 and 129.The selected frame 129 is indicated to be selected with a square frame130. The determined level of trust is displayed as three bars 132. InFIG. 4E, the user display includes two frame areas 138 and 139 in themiddle of the display. In the leftmost frame area 138 there is a sectionwhich is a so-called JAVA applet 140. The applet area 140 is nowselected with selection frame 144. The level of trust of the applet 144is displayed as one bar 142. The consideration of at least one andpreferably all communication operations of a session permits the sessionto be stopped if the user determines that the displayed level of trustis unacceptably low with regard to what the user considers to beimportant with respect to the release of the requested information tothe network.

The displayed level of trust is relative to a standard of comparison.Communication operations during a session will be evaluated relative tothe same standard. The synthetic displayed level of trust, whethergraphical, numerical text or some combination thereof or text, tells theuser how the security of the particular communications operationcompares with respect to other communication operations. The displayedlevel of trust indicator, which is determined as described below takinginto account both technical and non-technical attributes of the session,enables the user to place on each communication operation a level oftrust by being able to visually see the level of trust prior totransmission of each communication operation to the network.

There are two preferred methodologies for determining the displayedlevel of trust. The first methodology is to store in the memory of theprocessor associated with the terminal device the determinationalgorithm of the level of trust which may be if the terminal device ismobile, the RAM 17A associated with the processor 18 of FIGS. 1 and 2 orinto the memory of a PC if the terminal device is connected via awireline to the network. The stored information contained in the memoryof the terminal device is used to analyze at least the technicalattributes preferably of each of the communication operations of thecurrent session to determine the level of trust to be displayed. Onebasis for doing this is to compare the technology utilized by theterminal device and network associated with the session to the currentstate of the art of terminal and network technologies stored in memory,including being periodically downloaded to update the memory withcurrent technologies. For example, if the user were about to storetransaction details in the terminal, the user may be presented withoptions of storing in the terminal memory or in the SIM module inFIG. 1. In view of SIM representing a current state of the art securestorage while RAM does not, the level of trust for storage in SIM willbe displayed as higher. Additionally, if a user is to make an encryptedconnection as part of a communication operation to a remote server inthe network, the terminal device will cause the display of a higherlevel of security in view of the communication operation beingidentified by the terminal as being encrypted which is understood as ahigher level of security.

The foregoing examples of technological attributes of the mobileterminal are only exemplary of other attributes of the technology whichmay be stored as representing the state of the art. The storedinformation, including the algorithm, represents the framework forcomparison to generate the display of the level of trust.

Determination of the level of trust by the terminal has somedisadvantages. To the extent that the material stored in the memory ofthe terminal device is not continually updated from the network, theeffects of technological change and real life relationships may alterthe significance of a displayed level of trust over time. As technologyprogresses, SIM may be cracked and may no longer represent the bestsolution for local secure storage. Nevertheless, unless the informationstored in the memory of the terminal is updated regarding SIM, the useris given a display of a higher level of trust than that actually presentin the future when SIM may become a less secure manner for storinginformation securely at the terminal in comparison to possible newertechnologies. Furthermore, the real life information which exists abouta session with a particular server may be inconsistent with thedisplayed level of security, such as when the terminal determines that asecure authenticated connection has been made but, in fact such aconnection turns out to be in a totally non-secure environment. Ofcourse factors such as the above, while being possible, are relativelyunlikely. The information provided by the display of the level of trustin accordance with the invention is finer grained than the prior artwhich does not provide such information. To a large extent even with thepossibility of error, the level of trust will be much more reliable evenwhen the memory of the terminal is not updated to reflect weighing thesecircumstances into the determination of the level of trust.

The displayed level of trust indicator 104, whether graphical, numericalor otherwise, such as with a textual message or a combination thereof,is generated in the same manner that other communications on displaydevices for terminals are generated. For an internet browser, theindicator 104 could be placed on the status bar.

FIG. 5 illustrates a system 200 in which the present invention may bepracticed. This system comprises a terminal 202, which may be a mobileterminal in accordance with the prior art of FIGS. 1 and 2, or a fixedterminal which may be a PC as well known, and a network 204. Theterminal 202 has a display 206 which displays the aforementioned screensof FIGS. 4A–4E and other displays for providing the user withinformation about the terminal session and specifically, at least thelevel of trust indicator 124 or equivalent. The terminal 202 isconnected by a communications link 208, which may be wireless orwireline, to a trust evaluation server 210. The level of trust may bedetermined also by a server in the network 204, such as the trustevaluation server 210 or through the combined operations of theprocessor(s) in the terminal 202 and in the trust evaluation server.

The network 204 includes a plurality of application servers 212 whichare well known and are representative of any information source to whichthe terminal 202 is connected during a session of communicationoperations. Connectivity between the mobile terminal 202 and each of theapplication servers 212 may be through any type of network, including apacket data network 214 such as, but not limited to, the internet.Application servers 212 are typically controlled by organizations. Theidentity of the organizations is one of the attributes which may betaken into consideration during the determination of the level of trustdetermined solely by the processor of the terminal 202, solely by theprocessor of the trust evaluation server 210 or a combination thereofwhere each processor shares part of the task of determination of thelevel of trust. Additionally, the trust evaluation server 210 isconnected to additional servers which are without limitation technologywatchdog server 218, certificate issuer server 220 and market analysisserver 222, which each provide an analysis of different attributes whichare weighed and/or considered in determining the level of trust by thetrust evaluation server 210.

The communication operation depicted in FIG. 5 is a “go and buy”communication operation 224. A series of processings occur in responseto the “go and buy” communication operation 224 as follows. The initialentry of a “go and buy” communication operation 224, as highlighted orotherwise identified in the display, such as that described above inconjunction with FIGS. 4A–4E causes a communication 226 to betransmitted from the mobile terminal 202 to the trust evaluation server210. At this point, the trust evaluation server 210 initiates ananalysis which considers both technological attributes of the terminalsession and non-technological attributes. The trust evaluation server210 initiates a communication 228 to the technology watchdog server 218which requests an evaluation of whether the to be utilized 128 bitencryption 230 contained in the “go and buy” operation 224 representsstate of the art technology. The technology watchdog server 218, whichcontains a database which is updated to reflect the most currentutilized technologies, including that involving encryption, etc.,analyzes the 128 bit encryption 230 and sends a state of the art message230 in a communication 232 back to the trust evaluation server 210. Thetrust evaluation server 210 then sends a communication 234 whichrequests the certificate issue server 220 to determine if thecertificate “ABC” to be contained in the “go and buy” communicationoperation 224 is authentic. The certificate issuer server 220 determinesthat the certificate will expire in a week as indicated at message 237and therefore is currently authentic. The trust evaluation server 210then sends communication 238 indicating that the “go and buy” message isindicated in message 239 will be directed to company “XYZ” and willinvolve $200 U.S. Dollars. The market analysis server 222 sends acommunication 240 back to the trust evaluation server 210 containing themessage 241 that company “XYZ” has a bad reputation. At this time, thetrust evaluation server 210 has considered technological informationrelative to the state of the art as provided by technology watchdogserver 218 and non-technological information. Non-technologicalinformation to determine whether or not the certificate provided by the“go and buy” operation 224 is current is indicated by the certificateissuer server 220 and business analysis information regarding thecompany to which the transaction is directed is indicated by the marketanalysis server 222.

The combination of technological and non-technological information,which is only one possible subset of informations which may be utilizedby the trust evaluation server 210 to determine the level of trust, isprocessed by the processor(s) within the trust evaluation server 210 inaccordance with programmed criteria utilized to generate in part ortotally the level of trust to be displayed by the display 206 of theterminal 202. After performing the processing of all of the availableattributes, both of a technological and non-technological naturegathered by the trust evaluation server 210, communication 242 istransmitted by the trust evaluation server 210 back to the terminaldevice 202. As illustrated at 244, the communication 242 includes themessage 244 that the “go and buy” operation 224 will be handled withacceptable technology but that the company to which the transaction isdirected has a questionable operation with the resultant level of trustbeing 70% with the level of trust to be displayed being 70%, thetechnological component of the transaction utilized in the network 204is acceptable, but the user of the terminal device 202 should be carefulbecause inferentially the company to which the transaction will bedirected has a bad reputation. Of course, if the certificate 235 wasinvalid, the indication in communication 242 would be that the “go andbuy” communication operation should not be initiated because theapplication server 212 of company XYZ (not illustrated) is notassociated with a certificate issued by a trusted third party which isextremely important to inform the user of the terminal device 202 thatthe user is not dealing with an authenticated server associated withcompany XYZ.

FIG. 6 illustrates a flowchart of one possible operation of the trustevaluation server 210 in analyzing communication operations to determinethe level of trust thereof to be displayed by the display 206 of theterminal 202. Processing of the trust evaluation server 210 starts atpoint 300 where the communication operation to be evaluated is a messagereceived from the terminal 202 at trust evaluation server 210.Processing proceeds to point 302 where the received message extracts theoperation which is to be evaluated for purposes of displaying a level oftrust, e.g. the “Card Type” or “Card Number” communication operations110 and 114 of FIGS. 4A–4E. Processing proceeds to point 304 where adetermination is made of whether the “Identity” and “Model” of theterminal 202 is listed in the message. If the answer is “yes”,processing proceeds to point 306 where information about the technologyused by the terminal is extracted. Processing proceeds to point 308 fromeither point 304 or point 306 where a determination is made of therequired technology attributes of the network 204 utilized for thecommunication operation. Processing proceeds to point 310 where adetermination is made if all attributes of the information in themessage received from the terminal have been evaluated. If the answer is“no” at point 310, processing proceeds to point 312 to evaluate the nextattribute of the message provided by the terminal which repeats untilall attributes have been evaluated. If the answer is “yes” at point 310,processing proceeds directly to point 314 where a default value isassigned for any missing attribute utilized as part of the criteria fordetermining the level of trust.

The default values are chosen to represent an average contribution ofeach missing attribute so as to not erroneously lower the calculatedlevel of trust to the minimum. Once an attribute is determined to bepart of the processing used for determining a level of security, thedefault value mechanism is utilized to permit a level of trust to becalculated in the absence of numerical values or otherwise beingprovided for each of the attributes. It is better to assume, in theabsence of any information, that the attribute has an average value thanno value at all.

Processing proceeds to point 316 after all of the attributes have valuesassociated therewith to calculate the final evaluation of the level oftrust which is typically numerical but is not limited thereto to bedisplayed by the terminal device 202 if the trust evaluation server 210is the sole source of the displayed level of trust. Processing finallyproceeds to point 318 which represents communication 242 back to theterminal 202.

It should be understood that the foregoing processing performed by thetrust evaluation server 210 is merely exemplary. Modification of theprocessing may be made to include different sequences of processingincluding not calculating the level of trust in the circumstance whenthe processing overhead is shared by the processor(s) within the trustevaluation server and the processor(s) within the terminal device 202.

The trust evaluation server 210 is usually a different entity than theapplication servers 212 which provide the user of the terminal 210 withapplications which are accessed during the session. While it is possiblethat the trust evaluation server 210 and the application servers 212 tobe one server, it is more likely that the illustrated architecture of atrust evaluation server 210 and application servers 212 will beutilized.

The trust evaluation server 210 may implement any trust assessmentmethodology for calculating completely or partially the level of trustso long as it is compatible with the operation of the terminal 202. Itmay be assumed that the trust evaluation server 210 at least takes intoaccount the technological attributes of the communication operationwhich are context specific to the communication operation with otherinformation as explained above also being used.

Many attributes of the technology utilized by both the terminal 202 andthe trust evaluation server 210 may be taken into consideration. Thesetechnology attributes include encryption, session initiation, localstorage and identification.

The overall trust evaluation may be performed solely by the terminal202, solely by trust evaluation server 210, or a combination thereof.The technology attributes assess the fitness of the technology to theoverall intended operation. What is acceptable for some communicationoperations as being secure may not be secure enough for othercommunication operations for the user to permit the communicationoperation to be performed by the network.

A listing of the relative security of encryption technologies from themost secure to the insecure may be as follows: operation within theterminal, 3 Data Encryption Standard (3DES), RC5 128 bit, RC5 56 bit(RC5 128 bit and RC5 56 bit being forms of RAS encryption) and noencryption.

A relative listing of session initiation technologies from the mostsecure to the least secure may be as follows: operation within terminal,server authenticated digital certificates (certificate must be evaluatedto make sure it is valid), server authenticated shared secret, serverauthenticated, network address and anonymous.

A relative listing of local storage technologies from the most secure tothe least secure are as follows: tamper-proof, hardware-based softwareencryption, no encryption, plain memory.

A relative listing of identification technologies from the most secureto the least secure may be as follows: biometrics, fingerprint, eye irisimage, etc., personal identification number (PIN) and none.

It should be understood that encryption, session initiation, localstorage and identification are not inclusive of all possibletechnological attributes of the terminal 202 and the network 204 whichmay be evaluated in the determination of the level of trust.Furthermore, the above-referenced relative listings of the most securetechnologies to the least secure technologies are subject to change andaugmentation depending upon new candidate technologies being available.

Furthermore, the relative weighting of different attributes based upontechnological and non-technological consideration, e.g. information fromthe technological watchdog server 218 versus information from the marketanalysis server 210 is subject to different implementations which willresult in different levels of trust depending upon how differentattributes are weighed within the determination and/or calculation ofthe level of trust. Different methodologies for calculating the level oftrust and the weighting of attributes therein are possible.

The display of the level of trust, regardless of how it is generated,represents information which is highly useful to the user of a terminalin a session of communication operations with one or more destinationservers in a network. The user assesses whether communication operationswithin the session represent any undue risk for which it is desirable toterminate the session. Furthermore, display of the level of trustprovides the user with a level of confidence that the overall session isnot going to expose the user's information inputted during the sessionto an acceptable risk of disclosure.

Furthermore, while determination of the level of trust solely by theterminal 202 is simpler, it has less flexibility than the utilizing ofthe trust evaluation server 210. This difference is the result of moreinformation being available through the trust evaluation server than isavailable through the processor(s) of the terminal device 202.

Non-technological attributes which may be weighed or considered in thetrust evaluation server's determination of the level of trust include,but are not limited to, reliability of the operator of the server andcommercial liability of any offer associated with the session. Thenon-technology attributes are reliability of the operator of theapplication server, commercial offering made by the operator of theapplication server or a source of the purchased goods or services.

Moreover, the order of the steps for determining the level of trust isimmaterial as long as the final determination of the level of trust isnot dependent upon the order.

As indicated above, the overall algorithm for determining the level oftrust may be shared between the processor of the trust evaluation server210 and the processor of the terminal 202. For example, the terminal 202may request from the trust evaluation server 210 raw scores regardingaspects of technology being used as obtained from the technologywatchdog server and the terminal 202 may evaluate other attributes andcalculate the final level of trust by itself. On the other hand, thetrust evaluation server 210 may perform all of the determination of thelevel of trust with the terminal 202 only displaying the final result asindicated by the flowchart of FIG. 6.

In a typical algorithm for determining the level of trust, there areseveral technology and non-technology attributes involved with not allattributes usually being present. Which attributes are present dependson an actual communication operation which is evaluated. If the terminal202 does not send to the trust evaluation server all of the attributesthat are required for the given communication operation, the trustevaluation server 210 still proceeds with calculating a level of trustusing the aforementioned default values.

One way for the trust evaluation server 210 to perform the processillustrated in FIG. 6 is to compare data provided by the terminal withthe weighting table. Examples are evaluating a security rating or byconsulting additional servers, e.g. technology watchdog server 218,certificate issue server 220 and market analysis server 222.

The processing of FIG. 6 may be extended so that the trust evaluationserver 210 receives the identity of the terminal (either in a form of anabsolute identity, e.g. IME number or as a make/model information) andthen uses the information stored within the server or at another site toextract the actual technology used by the terminal 202. In thiscircumstance, the terminal sends all the information about technologythat has been updated since the original release (e.g. new securitysoftware) or about technology that is used in conjunction with theterminal, e.g. the actual use of a smart card.

FIG. 7 illustrates another embodiment of the present invention which maybe practiced in the system of FIG. 5. The trust evaluation server 210transmits to terminal 202 a display 400 of pages as illustrated in FIG.7 having multiple frames like the prior art of FIG. 3B. By example, onlyframes 402 and 404 are illustrated, but each page is not limited to thedisplay of any set number of frames per page. The frames typically arefrom the application servers 212 in the network, but without limitationthereof. The trust evaluation server 210 transmits a series of page(s)400, including a certification 406 indicating that the trust evaluationserver 210 has collected information within the page 400 containing themultiple frames 402 and 404, which have been determined by the trustevaluation server 210 to be from secure sources. The “certified” message406 informs the user of the terminal 202 that the sources of all of theframes 402 and 404 have come from a trusted source.

The trust evaluation server 210 transmits pages to the browser of theterminal 202 through network 214. The trust evaluation server has acertificate issued by a TTP along with a secret key providing theidentity of the trust evaluation server 21. The certificate may beclicked “on” to reveal a verified identity of the trust evaluationserver 210 or the organization responsible therefor. The certificate 406further informs the user that all of the sources of the frames 402 and404, e.g. application servers 210 are from a trusted source as describedin detail in FIGS. 4C–4E.

The message 406 overcomes the prior art problem of FIG. 3B wherein, withmultiple frames, no indication is provided of whether the frames arefrom a secure source beyond the indication 102.

With the invention, the certification performed by the trust evaluationserver 210 assures the user that all sources of the frames informationin pages to which the browser is linked are secure which enables theuser to proceed with confidence.

While the invention has been described in terms of its preferredembodiments, numerous modifications may be made thereto withoutdeparting from the spirit and scope of the present invention. It isintended that all such modifications fall within the scope of theappended claims.

1. A method comprising: receiving, at a server operatively connected toa terminal through a network, a plurality of individual communicationoperations transmitted from a browser installed on the terminal;determining, at the server, a level of trust for each of the pluralityof individual communication operations received from the terminal;providing information from the server to the browser relating to atleast one communication operation; and displaying on a display on theterminal a level of trust, informing a user of a level of securitydetermined to be associated with the at least one communicationoperation upon a comparison of the at least one communication operationto a standard prior to transmission to the network, and wherein theterminal is configured to receive an input for accepting or rejectingthe at least one communication operation based on the displayed level oftrust.
 2. A method in accordance with claim 1 wherein: terminal is amobile terminal; and the at least one communication operation compriseswireless transmissions between the mobile terminal and an entity in thenetwork.
 3. A method in accordance with claim 1 comprising: displaying alevel of trust of each communication operation; and wherein each levelof trust is based at least in part upon technology in the network whichis involved with each communication operation associated with thedisplayed level of trust.
 4. A method in accordance with claim 2wherein: displaying a level of trust of each communication operation;and wherein each level of trust is based at least in part upontechnology in the network which is involved with each communicationoperation associated with the displayed level of trust.
 5. A method inaccordance with claim 1 wherein: the server determines a level of trustof each communication operation based at least in part on technology ofthe network associated with the network providing each communicationoperation.
 6. A method in accordance with claim 5 wherein: level oftrust is also at least in part dependent upon at least one additionalattribute the network used in processing the communication operation. 7.A method in accordance with claim 6 wherein: the at least one additionalattribute is at least one of reliability of an operator of a serveroffering a service during the session through the browser to the user orcommercial viability of an offer of service made to the user during thesession through the browser.
 8. A method in accordance with claim 2wherein: the server determines a level of trust of each communicationoperation based at least in part on technology of the network associatedwith the network providing each communication operation.
 9. A method inaccordance with claim 8 wherein: level of trust is also at least in partdependent upon at least one additional attribute the network used inprocessing the communication operation.
 10. A method in accordance withclaim 9 wherein: the at least one additional attribute is at least oneof reliability of an operator of a server offering a service during thesession through the browser to the user or commercial viability of anoffer of service made to the user during the session through thebrowser.
 11. A system in accordance with claim 1 wherein: display of thelevel of trust is a graphic presentation.
 12. A system in accordancewith claim 1 wherein: display of the level of trust is a numericalvalue.
 13. A system comprising: a terminal including a display; anetwork comprises a server which determines a level of trust of each ofa plurality of communication operations to which the terminal is coupledvia a communication link; and wherein the terminal uses a browser tocommunicate with the network server during a terminal session comprisingat least one communication operation from the browser is received at theserver, the network, provides information from the network to thebrowser relating to the terminal session, and the display displays alevel of trust providing a level of security determined to be associatedwith the at least one communication operation based upon a comparison ofthe at least one communication operation to a standard prior totransmission to the network; and the terminal comprises means foraccepting or rejecting the at least one communication operation basedupon comparison of the displayed level of trust.
 14. A system inaccordance with claim 13 wherein: terminal is a mobile terminal; and theat least one communication operation comprise wireless transmissionsbetween the mobile terminal and an entity in the network.
 15. A systemin accordance with claim 13 wherein: a level of trust is displayed bythe display of each communication operation; and each level of trust isbased at least in part upon technology in the network which is involvedwith each communication operation associated with the displayed level oftrust.
 16. A system in accordance with claim 14 wherein: a level oftrust is displayed by the display of each communication operation; andeach level of trust is based at least in part upon technology in thenetwork which is involved with each communication operation associatedwith the displayed level of trust.
 17. A system in accordance with claim13 wherein: the server determines a level of trust of each communicationoperation based at least in part on technology of the network associatedwith the network providing each communication operation.
 18. A system inaccordance with claim 17 wherein: the level of trust is also at least inpart dependent upon at least one additional attribute of thecommunication operation which is not related to technology of thenetwork used in processing each communication operation.
 19. A system inaccordance with claim 18 wherein: the at least one additional attributeis at least one of reliability of an operator of a server offering aservice during the session through the browser to the user or commercialviability of an offer of service made to the user during the sessionthrough the browser.
 20. A system in accordance with claim 13 wherein:the network comprises a server and the terminal comprises a processor,wherein the server provides information about processing of eachcommunication operation by the network to the processor and theprocessor in response to the information determines the level of trustwhich is displayed by the display and the processor determines a levelof trust of each communication operation based at least in part ontechnology of the network associated with the network providing eachcommunication operation.
 21. A system in accordance with claim 20wherein: the level of trust is also at least in part dependent upon atleast one additional attribute each communication operation which is notdependent upon technology of the network associated with the networkproviding each communication operation.
 22. A system in accordance withclaim 21 wherein: the at least one addition attribute is at least one ofreliability of an operator of a server offering a service during thesession through the browser to the user or commercial viability of anoffer of service made to the user during the session through thebrowser.
 23. A system in accordance with claim 13 wherein: display ofthe level of trust is a graphic presentation.
 24. A system in accordancewith claim 13 wherein: display of the level of trust is a numericalvalue.